RTS on trading platform order book records

To ensure unique, consistent and robust identification of natural persons referred to in order records, those should be identified by a concatenation of the country of their nationality followed by identifiers assigned by the country of nationality of those persons. Where those identifiers are not available, natural persons should be identified by identifiers created from a concatenation of their date of birth and name. The identification of natural persons should be conducted following the level of prioritisation of different identifiers detailed in Annex II of Commission Delegated Regulation (EU) 2017/590(²)Commission Delegated Regulation (EU) 2017/590 of 28 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards for the reporting of transactions to competent authorities (OJ L 87, 31.3.2017, p. 449, ELI: http://data.europa.eu/eli/reg_del/2017/590/oj)..

It is possible that natural persons that need to be identified for record keeping are residents of a country other than the one of their nationality. Several obligations under Regulation (EU) 2023/1114 are linked to the country of residence of natural persons and collecting that information under this Regulation is therefore important to ensure effective supervision of transactions and orders by competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens;.

It is necessary that certain personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; are recorded by crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; to identify their clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; or other natural persons relevant for orders in crypto-assetsmeans a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology;, as these data are fundamental to ensure efficient supervision by competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens;, including in the area of market abuse. In compliance with the principle of data minimisation set out in Regulation (EU) 2016/679 of the European Parliament and of the Council(³)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)., crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should keep only information that is necessary and sufficient to enable the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; to carry out a comprehensive assessment of the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;’s compliance with the requirements of Regulation (EU) 2023/1114 and to monitor the trading activity relating to crypto-assetsmeans a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology; orders. When processing personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; included in the records, crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; and competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; should comply with the relevant provisions of Regulation (EU) 2016/679.

To facilitate market surveillance and allow comparability of the records, clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; that are legal entities should be identified with an identifier that is compatible with the internationally established criteria for the development of robust identification systems for the monitoring of financial markets. With a view to ensuring a consistent supervisory approach, the entity identifiers provided for in Commission Delegated Regulation establishing technical standards adopted pursuant to Article 68(10), first subparagraph, point (b), it is appropriate to provide for the use of entity identifiers in this Regulation under the same conditions as in that Regulation.

Making a choice as to which crypto-assetmeans a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology; trading platform to execute orders on or which crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; to transmit orders to, or determining any other conditions related to the execution of the order can be directly relevant for establishing market abuse behaviour. Therefore, to ensure effective market surveillance, a person or computer algorithm within the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; that is performing such activities should be identified in the order records. Where both a person and computer algorithm are involved, or more than one person or algorithm are involved, the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should determine, on a consistent basis following predetermined criteria, which person or algorithm is primarily responsible for those activities.

In compliance with the principle of data minimisation, the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should keep only information that is necessary and sufficient to enable the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; to carry out a comprehensive assessment of the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;’s compliance with the relevant requirements of Regulation (EU) 2023/1114 and with that Regulation’s provisions on market abuse. When processing personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; included in the records, crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; and competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; should comply with the relevant provisions of Regulation (EU) 2016/679.

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(⁴)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 28 August 2024.

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (‘ESMA’).

ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council(⁵)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).,